wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2021-06-07 15:37:58 +02:00
parent 06ebcca913
commit 69948b3648
2 changed files with 169 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/ssl.c
View File

@@ -32057,7 +32057,8 @@ int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *dmp1,
r->iqmp = iqmp;
}
return WOLFSSL_SUCCESS;
return SetRsaInternal(r) == WOLFSSL_SUCCESS ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **p,
@@ -32099,7 +32100,8 @@ int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *p, WOLFSSL_BIGNUM *
r->q = q;
}
return WOLFSSL_SUCCESS;
return SetRsaInternal(r) == WOLFSSL_SUCCESS ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n,
@@ -33842,7 +33844,8 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
}
/* private key */
key->type = ECC_PRIVATEKEY;
if (!mp_iszero(&key->k))
key->type = ECC_PRIVATEKEY;
}
eckey->inSet = 1;
@@ -37908,7 +37911,7 @@ void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags)
int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags)
{
return r ? r->meth->flags & flags : 0;
return r && r->meth ? r->meth->flags & flags : 0;
}
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
@@ -38014,7 +38017,8 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
r->d = d;
}
return 1;
return SetRsaInternal(r) == WOLFSSL_SUCCESS ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA */
#endif /* NO_RSA */
@@ -38141,6 +38145,15 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal,
derSz);
}
if (ret < 0 && opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
/* Might be in PKCS8 format so let's try */
idx = 0;
ret = ToTraditionalInline(derBuf, &idx, (word32)derSz);
if (ret > 0) {
ret = wc_EccPrivateKeyDecode(derBuf, &idx,
(ecc_key*)key->internal, derSz);
}
}
if (ret < 0) {
if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
@@ -48134,14 +48147,18 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
key = (RsaKey*)rsa->internal;
if (SetIndividualInternal(rsa->n, &key->n) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("rsa n key error");
return WOLFSSL_FATAL_ERROR;
if (rsa->n != NULL) {
if (SetIndividualInternal(rsa->n, &key->n) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("rsa n key error");
return WOLFSSL_FATAL_ERROR;
}
}
if (SetIndividualInternal(rsa->e, &key->e) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("rsa e key error");
return WOLFSSL_FATAL_ERROR;
if (rsa->e != NULL) {
if (SetIndividualInternal(rsa->e, &key->e) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("rsa e key error");
return WOLFSSL_FATAL_ERROR;
}
}
/* public key */

255
wolfcrypt/src/evp.c
View File

@@ -6060,48 +6060,123 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
}
#ifndef NO_RSA
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey)
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
{
if (!pkey) {
return NULL;
}
return pkey->rsa;
}
int ret = 0;
int derSz = 0;
word32 pkcs8Sz = 0;
byte* derBuf = NULL;
RsaKey* rsa = NULL;
WOLFSSL_RSA *key = NULL;
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
{
WOLFSSL_RSA* local;
WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
if (key == NULL) {
return NULL;
if (pkey == NULL || pkey->rsa == NULL || pkey->rsa->internal == NULL) {
WOLFSSL_MSG("bad parameter");
return WOLFSSL_FAILURE;
}
local = wolfSSL_RSA_new();
if (local == NULL) {
WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure");
return NULL;
}
key = pkey->rsa;
rsa = (RsaKey*)pkey->rsa->internal;
if (key->type == EVP_PKEY_RSA) {
if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
key->pkey_sz) != SSL_SUCCESS) {
/* now try public key */
if (wolfSSL_RSA_LoadDer_ex(local,
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
wolfSSL_RSA_free(local);
local = NULL;
/* Get DER size */
if (rsa->type == RSA_PRIVATE) {
ret = wc_RsaKeyToDer(rsa, NULL, 0);
if (ret > 0) {
derSz = ret;
#ifdef HAVE_PKCS8
if (key->pkcs8HeaderSz) {
ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, derSz,
RSAk, NULL, 0);
if (ret == LENGTH_ONLY_E)
ret = 0;
}
#endif
}
}
else {
WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key");
wolfSSL_RSA_free(local);
local = NULL;
ret = wc_RsaKeyToPublicDer(rsa, NULL, 0);
if (ret > 0)
derSz = ret;
}
return local;
if (derSz == 0 || ret < 0) {
WOLFSSL_MSG("Error getting RSA DER size");
return WOLFSSL_FAILURE;
}
derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz,
pkey->heap, DYNAMIC_TYPE_DER);
if (derBuf == NULL) {
WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed");
return WOLFSSL_FAILURE;
}
/* Old pointer is invalid from this point on */
pkey->pkey.ptr = (char*)derBuf;
if (rsa->type == RSA_PRIVATE) {
ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
if (ret > 0) {
derSz = ret;
#ifdef HAVE_PKCS8
if (key->pkcs8HeaderSz) {
byte* keyBuf = derBuf;
int keySz = derSz;
derSz = pkcs8Sz;
/* Need new buffer for PKCS8 since we can't
* do this in-place */
derBuf = (byte*)XMALLOC(pkcs8Sz, pkey->heap,
DYNAMIC_TYPE_DER);
if (derBuf != NULL) {
ret = wc_CreatePKCS8Key(derBuf, (word32*)&derSz, keyBuf,
keySz, RSAk, NULL, 0);
XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER);
pkey->pkey.ptr = (char*)derBuf;
}
else
ret = MEMORY_E;
}
#endif
}
}
else {
/* Public key to DER */
ret = wc_RsaKeyToPublicDer(rsa, derBuf, derSz);
if (ret > 0)
derSz = ret;
}
if (ret < 0) {
WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
return WOLFSSL_FAILURE;
}
else {
pkey->pkey_sz = derSz;
return WOLFSSL_SUCCESS;
}
}
#endif
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey)
{
WOLFSSL_MSG("wolfSSL_EVP_PKEY_get0_RSA");
if (pkey == NULL)
return NULL;
return pkey->rsa;
}
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* pkey)
{
WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
if (pkey == NULL || pkey->rsa == NULL)
return NULL;
if (wolfSSL_RSA_up_ref(pkey->rsa) != WOLFSSL_SUCCESS)
return NULL;
return pkey->rsa;
}
/* with set1 functions the pkey struct does not own the RSA structure
@@ -6110,13 +6185,6 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
*/
int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
{
#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)
int ret;
int derSz = 0;
int pkcs8Sz = 0;
byte* derBuf = NULL;
RsaKey* rsa = NULL;
#endif
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
if (pkey == NULL || key == NULL)
return WOLFSSL_FAILURE;
@@ -6140,82 +6208,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
}
}
#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)
rsa = (RsaKey*)key->internal;
/* Get DER size */
derSz = 0;
if (rsa->type == RSA_PRIVATE) {
ret = wc_RsaKeyToDer(rsa, NULL, 0);
if (ret > 0) {
derSz = ret;
#ifdef HAVE_PKCS8
if (key->pkcs8HeaderSz) {
ret = wc_CreatePKCS8Key(NULL, (word32*)&pkcs8Sz, NULL, derSz,
RSAk, NULL, 0);
if (ret == LENGTH_ONLY_E) ret = 0;
}
#endif
}
}
else {
ret = wc_RsaKeyToPublicDer(rsa, NULL, 0);
if (ret > 0)
derSz = ret;
}
if (ret >= 0 && derSz >= 0) {
derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER);
if (derBuf == NULL) {
WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed");
return WOLFSSL_FAILURE;
}
if (rsa->type == RSA_PRIVATE) {
ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
if (ret > 0) {
derSz = ret;
#ifdef HAVE_PKCS8
if (key->pkcs8HeaderSz) {
byte* keyBuf = derBuf;
int keySz = derSz;
derSz = pkcs8Sz;
derBuf = (byte*)XMALLOC(pkcs8Sz, pkey->heap,
DYNAMIC_TYPE_DER);
if (derBuf == NULL)
ret = MEMORY_E;
else {
ret = wc_CreatePKCS8Key(derBuf, (word32*)&derSz, keyBuf,
keySz, RSAk, NULL, 0);
}
XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER);
}
#endif
}
}
else {
/* Public key to DER */
ret = wc_RsaKeyToPublicDer(rsa, derBuf, derSz);
if (ret > 0)
derSz = ret;
}
}
if (ret < 0) {
if (rsa->type == RSA_PRIVATE) {
WOLFSSL_MSG("EVP_PKEY_set1_RSA private failed");
}
else {
WOLFSSL_MSG("EVP_PKEY_set1_RSA public failed");
}
if (derBuf)
XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_DER);
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
return WOLFSSL_FAILURE;
}
pkey->pkey.ptr = (char*)derBuf;
pkey->pkey_sz = derSz;
#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !HAVE_USER_RSA */
#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
#ifdef WC_RSA_BLINDING
if (key->ownRng == 0) {
@@ -6565,6 +6563,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
/* try and populate public pkey_sz and pkey.ptr */
static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
{
<<<<<<< master
int derSz = 0;
ecc_key* ecc;
@@ -6588,11 +6587,24 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
}
else {
XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
=======
word32 derSz = 0;
byte* derBuf = NULL;
if (!pkey || !ecc)
return WOLFSSL_FAILURE;
if (ecc->type == ECC_PRIVATEKEY || ecc->type == ECC_PRIVATEKEY_ONLY) {
if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) {
derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
if (derBuf != NULL) {
if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) < 0) {
XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
>>>>>>> WIP
derBuf = NULL;
}
}
}
}
<<<<<<< master
else {
/* if not, the pkey will be traditional ecc key */
if ((derSz = wc_EccKeyDerSize(ecc, 1)) > 0) {
@@ -6608,12 +6620,27 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
}
else {
XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
=======
else if (ecc->type == ECC_PUBLICKEY) {
if ((derSz = (word32)wc_EccPublicKeyDerSize(ecc, 1)) > 0) {
derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
if (derBuf != NULL) {
if (wc_EccPublicKeyToDer(ecc, derBuf, derSz, 1) < 0) {
XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
>>>>>>> WIP
derBuf = NULL;
}
}
}
}
return WOLFSSL_FAILURE;
if (derBuf != NULL) {
pkey->pkey_sz = (int)derSz;
pkey->pkey.ptr = (char*)derBuf;
return WOLFSSL_SUCCESS;
}
else {
return WOLFSSL_FAILURE;
}
}
int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)